I have created an online donation form for a Public Library. The form collects names, phone numbers, emails, addresses (a lot of personal info). The form is submitted to a PHP script that saves the information to CSV file and forwards the user to a PayPal checkout form for the donation amount they entered. People are unable to access the CSV file because there is a .htaccess
file with the following:
Order Allow,Deny
Deny from all
The people at the library would like to be able to access the information to send out thank you notes and for there records.
How can I give someone access to a file, on a website, securely without relying on a single password?
I though of using Basic Authentication but it relies on a single password that can be easily brute forced or too complicated to remember. Additionally, it could be socially engineered, or forgotten.
Keep in mind I do not have shell access to the server or to the Apache config files.